d03309b4036b2c13e2d436382355510b_JaffaCakes118

General

Target

d03309b4036b2c13e2d436382355510b_JaffaCakes118
Size

21KB
MD5

d03309b4036b2c13e2d436382355510b
SHA1

5f84078ed18903099b88021984bcf38635ba1087
SHA256

e3b9dbff72a263fab7783b90aa9e541b1e1b6fc4ad638b1f1fd71aa13defcad3
SHA512

d3588b93266dfce86b4313c4e3dd9b598fd09cbe4f1fc5b4ee56f6c13a96419ea2c507695d10bfccfae5b1f38c858a3f3e451c616fda097cd8940511272fe96b
SSDEEP

384:LKzFru75N6KxcU1QpQFRXnYL4sLv+Anx77F/vT7Wbym3rRx648M646quy0J:LrN68v3nYL4sLv+iV71vT7oymbC48Nql

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d03309b4036b2c13e2d436382355510b_JaffaCakes118

Files

d03309b4036b2c13e2d436382355510b_JaffaCakes118
.sys windows:4 windows x86 arch:x86

a9be123c92139349b0c6d6ebc5bcb529

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
strrchr
wcsstr
isupper
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
tolower
KeServiceDescriptorTable
ZwSetValueKey
toupper
islower
PsGetVersion
srand
isxdigit
atol
strchr
isprint
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
KeDelayExecutionThread
wcsncmp
towlower
isspace
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
IoRegisterDriverReinitialization
ZwDeleteValueKey
atoi
PsCreateSystemThread
_strnicmp
strstr
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
isdigit
strncmp
strncpy
IofCompleteRequest

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9be123c92139349b0c6d6ebc5bcb529

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 13KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 4KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 4KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB